On Mon, Mar 25, 2024 at 09:24:23AM +0100, Alexander Leidinger wrote:

> thought-chain could be:
> IF there is no MITM, and IF the session is encrypted, then at least use good
> encryption so that an attacker which is only able to listen, is not able to
> get the content.

But, in that case, the vast majority of servers will advertise a DH group of 2048-bits or more. Refusing to complete the TLS handshake will result in a cleartext delivery.

> Also: this is not a specific recommendation for SMTP, it is a generic
> recommendation for encrypted communication independent from the context it
> is used in, so there may be no thought at all about opportunistic TLS.

Exactly, and even then the general case is much too strict in many contexts, not just opportunistic TLS in SMTP. Often, the content is not very sensitive, and communication at "adequate" security levels takes priority over a maximal security posture.

-- 
Viktor.